Authorization bypass through user-controlled key in ZooKeeper - CVE-2023-44981

 

Published: November 20, 2023


Vulnerability identifier: #VU83312
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-44981
CWE-ID: CWE-639
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Apache Foundation
Affected software:
ZooKeeper

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass the authorization process.

The vulnerability exists due to improper implementation of SASL Quorum Peer authentication. The instance part of the SASL authentication ID, which is listed in the zoo.cfg server list, is optional, and if it is missing, the authorization check is skipped. As a result, an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree.
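The skipped check described above can be modelled in a few lines. This is an added illustration, not ZooKeeper source code: the function names, the host names and the `primary/instance@REALM` sample IDs are constructed assumptions, and it contrasts a check that is skipped when the instance part is absent with one that fails closed.

```python
import re

# Constructed sample: server list of a hypothetical zoo.cfg.
ZOO_CFG = """\
server.1=zk1.example.internal:2888:3888
server.2=zk2.example.internal:2888:3888
server.3=zk3.example.internal:2888:3888
"""

def quorum_hosts(cfg_text):
    """Collect the host names from the server.N entries of zoo.cfg."""
    hosts = set()
    for line in cfg_text.splitlines():
        m = re.match(r"\s*server\.\d+\s*=\s*([^:\s]+):", line)
        if m:
            hosts.add(m.group(1))
    return hosts

def split_id(auth_id):
    """Split 'primary[/instance][@REALM]' into its components."""
    return re.split(r"[/@]", auth_id)

def authorize_lenient(auth_id, hosts):
    """Flawed pattern: the host check runs only if an instance part exists."""
    parts = split_id(auth_id)
    if len(parts) == 3:
        return parts[1] in hosts
    return True  # no instance part: host check silently skipped

def authorize_strict(auth_id, hosts):
    """Fail closed: an ID without an instance part is rejected."""
    parts = split_id(auth_id)
    return len(parts) == 3 and parts[1] in hosts

def skipped_check_ids(auth_ids, hosts):
    """IDs accepted only because the host check never ran."""
    return [a for a in auth_ids
            if authorize_lenient(a, hosts) and not authorize_strict(a, hosts)]

# Constructed authentication IDs for the comparison.
SAMPLE_IDS = [
    "zkquorum/zk1.example.internal@EXAMPLE.INTERNAL",   # listed host
    "zkquorum/other.example.internal@EXAMPLE.INTERNAL", # unlisted host
    "zkquorum@EXAMPLE.INTERNAL",                        # instance part missing
]

if __name__ == "__main__":
    print(skipped_check_ids(SAMPLE_IDS, quorum_hosts(ZOO_CFG)))
```
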


How to mitigate CVE-2023-44981

Install updates from the vendor's website.
